As computing resource services expand to accommodate more customers, security teams are often used as a primary point of control for service accounts. These security teams often delegate responsibility for managing these accounts to application teams. However, security teams may want to prevent permanent configuration changes to these accounts in order to maintain a desired configuration for these accounts. For example, security teams and other administrators of these accounts may utilize a process to detect and reverse any configuration changes to these accounts. However, creating an automated process to detect and reverse any configuration changes may require a significant amount of time from the security teams. Additionally, there may be a lag between detection of a configuration change and the reversal of such a change.